Описание
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
Ссылки
- ExploitIssue Tracking
- Release Notes
- Vendor Advisory
- Mailing List
- Mailing ListThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.82.1 (исключая)
cpe:2.3:a:gnome:glib:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*
EPSS
Процентиль: 71%
0.00719
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-120
Связанные уязвимости
CVSS3: 9.8
ubuntu
7 месяцев назад
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVSS3: 7
redhat
8 месяцев назад
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character.
CVSS3: 9.8
debian
7 месяцев назад
gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one erro ...
EPSS
Процентиль: 71%
0.00719
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-120